ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aonis...@apache.org
Subject [36/55] [abbrv] ambari git commit: AMBARI-20600 : AMS grafana restart fails with ssl error after upgrading from 2.4.2.0. (avijayan)
Date Fri, 31 Mar 2017 07:22:43 GMT
AMBARI-20600 : AMS grafana restart fails with ssl error after upgrading from 2.4.2.0. (avijayan)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/179b3565
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/179b3565
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/179b3565

Branch: refs/heads/branch-3.0-perf
Commit: 179b3565aafee3a340875380c6ae10aad0cd7534
Parents: 102dcde
Author: Aravindan Vijayan <avijayan@hortonworks.com>
Authored: Wed Mar 29 14:20:17 2017 -0700
Committer: Andrew Onishuk <aonishuk@hortonworks.com>
Committed: Fri Mar 31 10:21:45 2017 +0300

----------------------------------------------------------------------
 ambari-common/src/main/python/ambari_commons/network.py  |  2 ++
 .../0.1.0/configuration/ams-grafana-ini.xml              | 11 +++++++++++
 .../0.1.0/package/scripts/metrics_grafana_util.py        |  8 ++++----
 .../AMBARI_METRICS/0.1.0/package/scripts/params.py       |  1 +
 4 files changed, 18 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/179b3565/ambari-common/src/main/python/ambari_commons/network.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/ambari_commons/network.py b/ambari-common/src/main/python/ambari_commons/network.py
index 6ab92b2..4c589f3 100644
--- a/ambari-common/src/main/python/ambari_commons/network.py
+++ b/ambari-common/src/main/python/ambari_commons/network.py
@@ -53,12 +53,14 @@ def get_http_connection(host, port, https_enabled=False, ca_certs=None):
 
 def check_ssl_certificate_and_return_ssl_version(host, port, ca_certs):
   try:
+    # Try with TLSv1 first.
     ssl_version = ssl.PROTOCOL_TLSv1
     ssl.get_server_certificate((host, port), ssl_version=ssl_version, ca_certs=ca_certs)
   except ssl.SSLError as ssl_error:
     print_warning_msg("Failed to verify the SSL certificate for https://{0}:{1} with CA certificate
in {2} using ssl.PROTOCOL_TLSv1."
                       " Trying to use less secure ssl.PROTOCOL_SSLv23. Error : {3}".format(host,
port, ca_certs, str(ssl_error)))
     try:
+      # Try with SSLv23 only if TLSv1 failed.
       ssl_version = ssl.PROTOCOL_SSLv23
       ssl.get_server_certificate((host, port), ssl_version=ssl_version, ca_certs=ca_certs)
     except ssl.SSLError as ssl_error:

http://git-wip-us.apache.org/repos/asf/ambari/blob/179b3565/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-grafana-ini.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-grafana-ini.xml
b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-grafana-ini.xml
index ee0a4ad..90ff540 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-grafana-ini.xml
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-grafana-ini.xml
@@ -46,6 +46,17 @@
     <on-ambari-upgrade add="true"/>
   </property>
   <property>
+    <name>ca_cert</name>
+    <value></value>
+    <description>Path to CA root certificate or bundle to be used to validate the Grafana
certificate against.
+      For self signed certificates, this value can be the same as the value for 'cert_file'.
+      (If a path is not specified, the certificate validation is skipped)</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+  <property>
     <name>content</name>
     <display-name>ams-grafana-ini template</display-name>
     <value>

http://git-wip-us.apache.org/repos/asf/ambari/blob/179b3565/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
index c8d532f..06a4518 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_grafana_util.py
@@ -50,7 +50,7 @@ def perform_grafana_get_call(url, server):
   ca_certs = None
   if grafana_https_enabled:
     import params
-    ca_certs = params.ams_grafana_cert_file
+    ca_certs = params.ams_grafana_ca_cert
 
   for i in xrange(0, GRAFANA_CONNECT_TRIES):
     try:
@@ -90,7 +90,7 @@ def perform_grafana_put_call(url, id, payload, server):
   ca_certs = None
   if grafana_https_enabled:
     import params
-    ca_certs = params.ams_grafana_cert_file
+    ca_certs = params.ams_grafana_ca_cert
 
   for i in xrange(0, GRAFANA_CONNECT_TRIES):
     try:
@@ -125,7 +125,7 @@ def perform_grafana_post_call(url, payload, server):
   ca_certs = None
   if grafana_https_enabled:
     import params
-    ca_certs = params.ams_grafana_cert_file
+    ca_certs = params.ams_grafana_ca_cert
 
   for i in xrange(0, GRAFANA_CONNECT_TRIES):
     try:
@@ -167,7 +167,7 @@ def perform_grafana_delete_call(url, server):
   ca_certs = None
   if grafana_https_enabled:
     import params
-    ca_certs = params.ams_grafana_cert_file
+    ca_certs = params.ams_grafana_ca_cert
 
   for i in xrange(0, GRAFANA_CONNECT_TRIES):
     try:

http://git-wip-us.apache.org/repos/asf/ambari/blob/179b3565/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py
index 1733b19..919f26d 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py
@@ -172,6 +172,7 @@ ams_grafana_port = default("/configurations/ams-grafana-ini/port", 3000)
 ams_grafana_protocol = default("/configurations/ams-grafana-ini/protocol", 'http')
 ams_grafana_cert_file = default("/configurations/ams-grafana-ini/cert_file", '/etc/ambari-metrics/conf/ams-grafana.crt')
 ams_grafana_cert_key = default("/configurations/ams-grafana-ini/cert_key", '/etc/ambari-metrics/conf/ams-grafana.key')
+ams_grafana_ca_cert = default("/configurations/ams-grafana-ini/ca_cert", None)
 
 ams_hbase_home_dir = "/usr/lib/ams-hbase/"
 


Mime
View raw message